Data Privacy, Ethics and Protection Principles The Guidance Note on Data Privacy, Ethics and Protection sets out general guidance on data privacy, data protection and data ethics for the United Nations Development Group (UNDG) concerning the use of big data, collected in real time by private sector entities as part of their business offerings, and shared with UNDG members for the purposes of strengthening operational implementation of their programmes to support the achievement of the 2030 Agenda. Download Guidance Note The Guidance Note is designed to:Establish common principles across UNDG to support the operational use of big data for achievement of the Sustainable Development Goals (SDGs);Serve as a risk-management tool taking into account fundamental human rights; andSet principles for obtaining, retention, use and quality control for data from the private sector. Recommendations The Guidance Note is not a legal document. It provides only a minimum basis for self-regulation, and therefore may be expanded and elaborated on by the implementing organizations.It is recommended that the Principles described in the Guidance Note be implemented through more detailed operational guidelines that account for the implementation of UNDG member organizations’ mandates as well as their existing regulations, rules and policies concerning data privacy, data protection, data ethics and data security. It is recommended that designated legal, ethics, privacy and security experts be consulted, when necessary, regarding the implementation of, and compliance with, this Note. Implementing organizations are encouraged to establish a monitoring mechanism for compliance and implementation of this Note. Our Data Privacy & Data Protection Principles Purpose of use We access, analyse or otherwise use data for the purposes consistent with the United Nations mandate and in furtherance of the Sustainable Development Goals Right to use We access, analyze or otherwise use data that has been obtained by lawful and fair means, including, where appropriate, with the knowledge or consent of the individual whose data is used Purpose compatibilityWe ensure to the extent possible, that all of the data we use for project purposes is adequate, relevant, and not excessive in relation to the legitimate and fair purposes for which the data was obtained Individual privacy We do not access, analyse or otherwise use the content of private communications without the knowledge or proper consent of the individual We do not knowingly or purposefully access, analyse, or otherwise use personal data, which was shared by an individual with a reasonable expectation of privacy without the knowledge or consent of the individual We do not attempt to knowingly and purposefully re-identify de-identified data, and we make all reasonable efforts to prevent any unlawful and unjustified re-identification Data security We ensure reasonable and appropriate technical and organisational safeguards are in place to prevent unauthorised disclosure or breach of data Risk and harm assessment and risk mitigation We perform a risk assessment and implement appropriate mitigation processes before any new or substantially changed project is undertaken We take into consideration the impact that data use can have not only on individuals but also on groups of individuals We ensure that the risks and harms are not excessive in relation to the positive impact of the project Data sensitivityWe employ stricter standards of care while conducting research among vulnerable populations and persons at risk, children and young people, and any other sensitive data Data minimisation We ensure the data use is limited to the minimum necessary Data retentionWe ensure that the data used for a project is being stored only for the necessary duration and that any retention of it is justified Data quality and accountability We design, carry out, report and document our activities with adequate accuracy and openness Our collaborators We require that our collaborators are acting in compliance with relevant law, data privacy and data protection standards and the United Nations’ global mandate.